Hi,

On Wed, Apr 22, 2009 at 6:22 PM, Rory Douglas <[email protected]> wrote:
> Bertrand Delacretaz wrote:
>> 2) Prevent legitimate scripts from messing up with the system
> A variant of 2) just showed up in the "Accessing JCR" thread. Looks like
> anyone that can upload a script can do the following:
>
> <sling:defineObjects/>
> <%
> SlingRepository repo = sling.getService(SlingRepository.class);
> Session superSession = repo.loginAdministrative(null);
> // and then do anything, like
> superSession.getRootNode().remove();
> %>
loginAdministrative is fine for trusted code, but you're right that we might want to restrict it. Not sure how to best approach this... what do people think?

-Bertrand
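As an added illustration (not part of the thread), the same kind of script written against the session bound to the request instead of an administrative one, so JCR access control still governs what the uploading user can do. It assumes the standard Sling JSP taglib and the JCR 1.0 `Session.checkPermission` API; the node removal is just a sample operation.

```jsp
<%@ page import="javax.jcr.Session, java.security.AccessControlException" %>
<%@ taglib prefix="sling" uri="http://sling.apache.org/taglibs/sling/1.0" %>
<sling:defineObjects/>
<%
    // Adapt the request's ResourceResolver to a JCR Session. This session
    // carries the credentials of the user making the request, not admin,
    // so the repository's ACLs apply to every read, write and remove.
    Session userSession = resourceResolver.adaptTo(Session.class);

    // Sample operation (constructed for this example): remove the node
    // the script was addressed with. Nothing here can touch the root node
    // unless the caller was actually granted that right in the repository.
    String path = currentNode.getPath();
    try {
        // checkPermission throws AccessControlException when the session's
        // user lacks the "remove" action on the path, before we try it.
        userSession.checkPermission(path, "remove");
        currentNode.remove();
        userSession.save();
        out.println("removed " + path);
    } catch (AccessControlException e) {
        out.println("not permitted to remove " + path);
    }
    // No logout: the request-bound session is owned by the framework,
    // unlike a loginAdministrative() session, which the caller must close.
%>
```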
